Thursday, February 24, 2022

CVE-2022-24977

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports upload_progress. (CVSS:7.5) (Last Update:2022-02-24)
http://dlvr.it/SKc7NB

No comments:

Post a Comment

US offers $10 million reward for information on BlackCat ransomware gang. - The CyberWire

US offers $10 million reward for information on BlackCat ransomware gang.  The CyberWire http://dlvr.it/T4m3XP